IBM X-Force reports:
BleepingComputer published an article on a new phishing scam attempting to trick users into providing their Outlook Web App credentials.
The body of the email claims that there are various messages that require user approval before delivering. Each email entry is accompanied by a link to release, whitelist, or deny the associated message. All of these links redirect the victim to a fake Outlook Web App authentication page. Any credentials entered into the fake login form are saved on the site to be retrieved by the attacker at a later date.
The researchers note that recent phishing campaigns have leveraged OneDrive or Azure to host phishing content on a legitimate Microsoft domain, but this campaign leverages a random compromised site, making detection easier. For more information, see the BleepingComputer article.
This is a shared package.